OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: SilverBack Security Advisory: Nbase-Xyplex DoS
From: Mark McLaughlin (mmclaughlinSILVERBACKTECH.COM)
Date: Wed Apr 05 2000 - 16:42:29 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SilverBack Security Advisory
Copyright (c) 2000 SilverBack Technologies
April 5th, 2000
www.silverbacktech.com

Products affected:
Nbase-Xyplex EdgeBlaster MultiFunction WAN Access Router

Description:
SilverBack Technologies has discovered a Denial of Service attack
against Nbase-Xyplex EdgeBlaster router
http://www.nbase-xyplex.com/products/wan/brdg_routers/edgeblaster.cfm
The router tested will stop passing traffic when scanned for the
FormMail CGI vulnerability. The test was preformed from both linux,
and NT devices running NAI's CyberCop scanning software.
When the EdgeBlaster is scanned with CyberCop module 10017 the device
does not dump core or reboot. To access to the device after the scan
you must power cycle the router.

Resolution:
Nbase-Xyplex has been contacted and is currently tracking this support
call. Technical support explained that they recreated the problem in a
lab environment and have escalated the problem to engineering.

Mark McLaughlin, CISSP
Senior Security Engineer
SilverBack Technologies Inc
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5

iQA/AwUBOOuzRGMDobzT1rQCEQI0eACdEhEb0meowDu5kZUnieN1uAH/aS8AoLtQ
xYXl/tD4Svz+QWhkA/DoIRJj
=XfB7
-----END PGP SIGNATURE-----